In this advice note the name Arran Isle means Arran Isle Holdings Limited and any of the other group entities which may use the documentation that we have provided to you.

1. Cookies Notice

Cookies are small text files that most websites use to recognise their visitors. In addition to the provision of certain information about cookies, visitors to your website must also give their consent to the placing of cookies.

Arran Isle must not store information or gain access to information stored in the computer (or other web-enabled device such as smart phones and tablets) of a customer unless the customer "is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information" and "has given his or her consent". 

The only cookies that do not need consent from the customer are those that are strictly necessary to fulfil the customer's request for services. That will cover, for example, the use of cookies to remember the contents of a customer's shopping basket as the customer moves through several pages on a website. Other cookies, including those used to count visitors to a website and those used to serve advertising, will require consent.

We recommend that the cookies used on the Arran Isle websites are regularly reviewed to ensure that the Cookies Policy remains relevant.

In order to demonstrate you have the informed consent of the customer you should have either a footer/header that flags the use of cookies and directs a customer to the Cookie Policy, or alternatively a fairly non-intrusive pop-up box. 

Exactly how you decide to deliver the notice will depend on your website, but please note the following requirements:

  • the notice can appear for a limited period on the customer first landing on the homepage, but it should appear for long enough for the customer reasonably to be able to read and decide what action they want to take;
  • the cookies policy should be flagged separately in the footer of the website, and it should be made obvious to customers - perhaps by putting it in a different colour or making it bold. This allows the customers easily to access the information at a later point; and
  • the notice should set out brief details of the cookies used and how to find out more information, for example:

Our website uses a number of cookies which allow us to distinguish you from other users of our website, help us to provide you with a good experience when you browse our website and allow us to improve our site. Read more about the individual cookies we use and how to recognise them by clicking here.

2. Privacy Notice

Whenever personal data is collected on any of the websites there should be a privacy notice.

A privacy notice should provide basic details of the proposed uses of the customer's personal data, in particular flagging any uses that the customer may object to, such as using the personal data for marketing and sharing it with third parties.  As the privacy notice will only contain basic details about the planned processing activities of Arran Isle (and if any third parties), it should also contain a link to the applicable privacy policy to allow the customer to find out more information about how Arran Isle will use their personal data. 

The privacy notice should always appear before a customer submits any personal information. 

3. Marketing Consent

For most personal data processing activities, including marketing and transfers to third parties, it is necessary to get a customer's consent prior to undertaking the processing.  For consent to be valid it must be freely given and relate to specific categories of processing that will be undertaken and of which the customer must have been informed  of prior to giving consent.

Where Arran Isle is marketing by electronic means, every marketing message must include:

  • the identity of Arran Isle, as the sender of the marketing (even where a third party is sending the marketing on its behalf); and
  • a simple means for the customer to opt-out of receiving any future marketing e.g. an unsubscribe link.

3.1 Opt-in vs Opt-out

We have drafted the consents on an opt-in basis. As a matter of best practice, all consents on the site would use the same approach, so either 'opt-in' or 'opt-out' to minimise customer confusion. Additionally, this makes keeping an accurate record of the consents given by customers much easier, as going forward only one marker is required on the record and it is not necessary to note down whether it is an opt-in consent or an opt-out consent.

Opt-in consent is the safest option, as it is easiest to demonstrate that the customer has given informed consent.  Whilst it is more difficult to demonstrate that the customer has given informed consent when using an opt-out (as 'consent' was given by a failure to take action), it tends to increase the number of customers to which a data controller can market. We can draft an opt-out version if you would prefer.

Regardless of the consent mechanism used, it is important that the privacy notice appears and consent is given prior to the 'register' button (or equivalent).  This is more important if you choose to use 'opt-out' consent, as in order to demonstrate consent has been given, the site should have a prominent opt-out box that has not been ticked, as this helps to establish that by clicking the 'register' button the customer has consented to receiving email marketing.

If you choose to use an opt-out you may be able to rely on the 'soft opt-in'. Under PECR where a company has collected an email address and mobile number as part of the sales process that company can send electronic marketing to the customer which relates to the same or similar products to those purchased by the customer, provided that the customer is given chance to opt-out of receiving such marketing.

3.2 Example notice and consent

Arran Isle Holdings Limited will use the personal data we collect from you to provide you with products and services and to inform you about various offers and promotions via email, post, SMS, telephone. We will process any personal data that we collect from you in accordance with our Privacy Policy. By clicking log in you are consenting to us sending you marketing by the methods you have selected.